Skip to main content

tv   Key Capitol Hill Hearings  CSPAN  June 5, 2014 11:00pm-1:01am EDT

11:00 pm
it was an authoritarian state. i read the book "the chinese economy." it's pretty much like at modern economy. t a plan for a state-driven industrialization, which violates all the rules of neoclassical economics and is a developmental state. so that's just one of the paradoxes of our time. the china we're afraid of, a developmental capitalist state that dominates east asia, is what we actually wanted during world war ii, when it was simply not considered by anyone, i think, in the 1940s or even during the cold war, that the united states would permanently be not a major power with interests within asia. time to go to neoclassical economics which michael just derived. >> thank you, jacob.
11:01 pm
thank you, michael. as you know, michael, i hope you're right that we are at an inflection point, but i agree with ambassador burton, that i'm afraid you're not. maybe it's because i'm too busy listen to robert kagen and krauthammer saying no, we're not. we're doing fine the question is, what piece of evidence would convince them that the time has come to change course? you cite resistance from others, other great powers, the unwillingness to resources at home, and resistance to the public at large. there are still some that say we can clearly resource it. sfrply raise taxes or cut other spending. where is the u.s. public resistance. we don't have people in marching in the street as we did after vietnam. where is the evidence of balancing by other great powers? can you point to something there? it seems we don't have sufficient evidence to convince the other side that it's time to change course. >> well, that's a good point,
11:02 pm
particularly about the other great powers. now, it was one observed to me that in one of the crises over in north korea, the closer you got to north korea, the more relaxed everyone was about it. it was actually in washington people were more exercised than in south korea. and i think that's the case with russia. the germans have made it clear that they're dubious about another cold war with russia. i've read that the czechs are debating raising their military spending, i believe, to 1.5% of gdp. if this is a moment and russia is a great threat that it's being portrayed as, i assume the czechs would be debating maybe 15% of gdp, you know? we had 50% of the gdp during world war ii. they seem fairly relaxed. if we look at the neighbors of the china that we're supposed to
11:03 pm
be so frightened by, china is now the number one trading partner of south korea, and it's up there among the -- japan is increasing trade integration. so i think we have to take all of this with a grain of salt. one of the dangers of our alliance system is that it enables irresponsible behavior for domestic political reasons. on the part of nationalists in japan, south korea, and not so much in germany at this point. but it allows the leaders to talk tough and to, you know, poke either russia or china. at the same time, while profiting from their increasing economic integration. and that's fine. it's sort of a game. i'm from texas, you know, we have a rivalry with oklahoma. oklahoma calls texas baja oklahoma. so, you know, we know it's not a serious security threat. so now terms behalf pieces of
11:04 pm
evidence would convince the hard lined neo conservatives that the united states does not have a stake in global hegemony, i gave up trying to analyze it. i think even they would say at some point that it's clear that the united states is not pursuing of policy they favor. it would probably have to do with the defense budget. in the 1990s, robert kagan and bill crystal published an article, 4% or 6% of gdp being spent on defense. the u.s. is now -- at the end of the cold war, we went down to about 3% of gdp, which is respectable. it's a little more than britain and france. which have the greatest spending in western europe.
11:05 pm
it's a lot more now. and it shot up again after 9/11. under current budget plans, as i understand it -- it's arcing downwards to even bow low 3% in the 20s, it ebbs and changes. so i think even the supporters of the hegemony strategy would say at some point it cannot be carried out realistically. now that doesn't mean you won't still nominally have the alliances with japan or china think may last indefinitely. the other thing that may mark a clear break from the present period is if there are enough challenges to u.s. hegemony and the u.s. backs down enough, it will create a new situation. new facts on the ground and that -- remember, a lot of foreign policy is psychological. it's intimidation. and this is why i'm concerned.
11:06 pm
that is, i think it's very likely the u.s. will back down again and again and again because of what the australian diplomat calls asymmetry of resolve, that is something that is very important for them. like crimea to russia. it's just not that important for the united states. it's not worth going to war about. that's why we need an exit strategy, or we need to say here is our american vision of a europe that is not divided between american allies and american enemies. and in asia it's not divided between american protectorates and outsiders. and i think that's how we -- so it's not seen as backing down or unilateral retreat but building a new border with former enemies. >> the next question from james mann, who has written several books on the realists and
11:07 pm
neocons and on the obama administration, and told me he just completed a short biography on george w. bush. >> michael, thanks for this. i have one question you haven't mentioned but i read is in our article, which is immigration. i would be curious to know how it fits in your thinking and article. both -- and maybe it applies equally -- as to low skilled immigration, paradigm central america, and high-skilled paradigm i guess, india. >> i approach this from the view of strategy in general. if you have a rule governed global market with relatively free flows of capital and of labor, then you can have a shrinking population, and you're -- as long as per capita
11:08 pm
gdp is going up, then your country can get richer and richer. you know, so that japan, say, could shrink. fewer and fewer people every decade but the fewer people would be richer because the productivity growth is going up and they're better off. in a mercantilist world, in a world where some or most powers are treating economics as an instrument of state craft rather than a rule governed zerosome game, then the logic is different because the high degree of overlap between population and military power. it's not perfect overlap. you have large countries like india which are relatively weak. you have small companies britain has done since the industrial revolution, but in the long term, as productivity defuses and converges among country, all
11:09 pm
things being equal, a country with a larger population is going to be more powerful both in trade and the military than a smaller country. that's the geopolitics of it. what you see happening in the countries of the developed world is a very deep backlash against immigration the united states on the right and in europe even more so. now partly this is a backlash against a particular kind of immigration, muslim immigrants, rather than necessarily against ohs. but in the european case, it's against eastern european immigrants, too. you know, having said that, even though this will be my most visionary counterintuitive prediction of this talk, i think that in the 21st century, this defensiveness is going to be replaced among many
11:10 pm
nations, if not all, by competition for immigrants, which will be seen as a source of gdp growth, and also of military power, frankly, and the revenue base. right now, only a minority of countries have population rates above the replacement level. most countries are scheduled to stabilize and then start declining. largely parts of africa, central and south asia, even china is beyond the demographic transition. now seems inconceivable at this point that you could have the major nations of europe and east asia become relatively immigrant-friendly. obviously there's tensions in the united states. relatively immigrant-friendly nations. the way the united states and some other western hemisphere countries are. if the alternative is loss of military security as well as
11:11 pm
economic clout, then you're going to see a shift. this will be really, the most radical changes in world society in centuries. the pattern until recently was that the major countries of europe and asia sent people. they didn't import them. now birthrights are so low the only way they can stabilize the population is by importing people. at the same time, it raises question, okay, if you're going to bring in people merely to stabilize the population, much less to expand, in order not to deepen divides or ethnic lines within your territory, you need to have assimilation and integration of immigrants. this is a place where maybe i'm showing my biases here, i think the united states, you know, can had a pretty good model, at least until recently, both
11:12 pm
economic integration and cultural integration of immigrants. economically, if you have a booming economy and jobs for the middle class and so on, it's easier for outsider to get a stake in society. at the same time, the melting pot idea did not require immigrants to cut off all sub- national identities. but we had the hyphenated america. you were irish-american, you were greek-american. you were jewish-american. sweden-american. you could have both identities. this is still quite alien to most of the industrial nations. and i don't know which way they'll go. >> what would you say make senses for the news i have a hard time seeing japan in this -- which for a long time, has had low growth and you don't see the impact of changing immigration policies at all. >> to the extent that population is a basis for power, they will slip down the world
11:13 pm
power rankings as well as the gdp rankings, which is not to say they will be poor. you know, luxemburg, i think, has the highest per capita living standard in western europe. so countries may make the choice. >> michael, i wanted to ask you about something very contemporary now, which is we've had bob kagan's essay in the "new republic." declaring that superpowers can't go on vacation. today there was an op-ed by walter russell immediate, whom you know well in the "wall street journal" declaring that america can't go on break and we're seeing the dangerous consequences of a lack of resolve in american foreign policy in failing to stand up to vladmir putin.
11:14 pm
and the thesis was that putin, in a sense, is rescuing us from our own sins, awakening us to our bad behavior that we need to reform, and buck up, start exercising more vigorously, take a much harder stance toward foreign foes. even though president obama, whether you think he's a realist or not, he certainly enunciates realists -- some realist themes. this is a real pushback, i think, in washington against the notion of realism in american foreign policy. there's a very explicit denunciation in kagan's piece and walter russell meade's piece and by charles krauthammer of
11:15 pm
the idea that america can in fact act more prudently abroad. they would characterize it as cowardice and defeatism. many of the things you're talking about in your earlier really date back to the paul wolf wit wolfowitzs document in the george h.w. administration when he slapped down for espousing a strategy for the cold war in which the united states would retain hegemony in all parts of the world. it seems to me that the consensus may not consist in the american public. and the obama administration, as i see it at least, is waffling. but the consensus among elite -- i'm also -- this is also coming to mind because strobe tal bet
11:16 pm
introduced the other day and no one disagreed with what kagan was saying. it seems you have a consensus at the elite level that whether we call it liberal internationalism or neoconservative or some hybrid really is still dominance, at least among the foreign policy elite. would you disagree with that? >> no. i think there's a bipartisan consensus. it will start showing cracks. but the problem now -- it's not that it's fishering. it's still a solid consensus. the problem is the enormous gap between the claim we need to show resolve and the actual actions we will take. so, you know, we have to stand up to russia over crimea and ukraine. okay. so we might send some advisers to a baltic republic, right? putin retaliates by eliminating
11:17 pm
american-manned space flight for a decade. it's amazing. it's amazing. the united states no longer has manned space flight capability. we were hitching rides to the international space station on russian rockets. oh, and it gets better. the united states doesn't make many of rocket engines it needs for our own spy satellites, which is just as well, because the spy satellite the u.s. is temporarily using to communicate with the african forces is a chinese satellite. right? so on the one hand, we have the leaders of the foreign policy intelligence saying we must rule, we must stand up to russia and china. and at the same time, they is spent a generation dismantling the american military industrial complex. the united states does not build a single civilian ocean-going ship. thanks to president ronald reagan, from 1930s under franklin roosevelt all the way
11:18 pm
up to the reagan administration, the united states government had a simple policy. whatever subsidizes are offered to civilian shipmakers by other countries, the federal government will match. no questions asked. the reagan administration came in, we're stronger. number one, we're going to win the cold war. they decided this was a waste of money, so we would get rid of the subsidizes. consequently, the united states, apart from specialized navy ships and domestic barges protected by the jones ability on inland waterways, we have to borrow all of our ships, all right? that's my answer to all of these triumphialists. teddy roosevelt said "speak softly and carry a big stick." he didn't say denounce your rivals and ask if you can borrow or buy a stick.
11:19 pm
>> from much of what you have said it seems to me that the best friend a neoconcould ask for is mr. putin, because there was sort of a natural withering away of the overblown role that we were playing toward the end of the cold war. in fact, there have a conversation between senior bush vice president or just after becoming president where bush is meandering around talking about we have -- he says it would help if you could explain what this new role for nato is that you're talking about. # and bush starts saying we have to think in political terms about a new role in the period. he doesn't know. while we dope have an enemy. and he says, yes, isn't it inconvenient not having an enemy in putin has basically come forward. as a answer to every neocon's dream. he changed the rule of the game at least rhetorically. and made it much more difficult
11:20 pm
for anyone to talk about the standing down of american power. >> i think that's right. again, the question is what are the concrete actions if the united states is going to respond? now, it would not a bad thing if it were a sputnik moment and the response was, as it was to sputnik, let's upgrade our education, invest in infrastructure, redouble for r&d. as i suggested earlier, if you're going to have a genuine great power riv rlryes, but we may end up being on rival sides but at end of the day couldn't tri wntry with the bes technological base will hold out longer particularly if you have cold wars, wars of economic attrition. with the neoconservatives, and i think many of the neoliberal hawks have forgotten is that foreign policy has more than one
11:21 pm
instrument. the military is not the only instrument. and we have allowed our other instruments to decay by focusing on having marines in australia to contain china or, you know, putting some nato troops in estonia or something like that. i'll give you an example. the united states during the cold war, competed with the soviet union in terms of foreign aid and lending. africa is going to have 2 billion people by the year 2100. those are 2 billion. enormous needs for infrastructure. the chinese are building highways and ports and railroads in africa around the indian ocean and so on. while we have people on the left and the right in the u.s. congress trying to abolish the export-import bank. which on a mump, much, smaller scale helps to finance infrastructure and manufacturing with inputs from u.s. exporters
11:22 pm
in the rest of the world, right? as, you know, if you look at what is going on in eurasia now it's one of the greatest periods of infrastructure construction in history. pipelines, high-speed rail from china potentially 0 europe. and congress cannot agree to come up even with a tiny, modest pilot program nation of a national infrastructure bank. much smaller than the european investment bank or the state development banks that are possessed by brazil, india, russia, china, by all of these other countries. so i don't want to suggest by any means that we should relax and that we won't have great power conflicts, but we need to stop thinking in terms of sending divisions here and submarines there. the cold war was first and
11:23 pm
foremost an economic struggle. the reason the soviets cracked was their economy cracked. we were rich, prosperous, and innovative for a fraction of the money they spend on the military we could outspend them. that's how britain won the knee poll onic wars. it was much smaller than france. but it had better credit and more prosperous economy. it's the example in the world. it's ideological war. it's propaganda. even in the past of a few months, the revelation now about the nsa. taking faces from the internet. the revolution that the cia and afghanistan and pakistan was using hospital operations as a cover for getting dna from potential terrorist suspect.
11:24 pm
including bin laden's family. this is enormously damaging. you know, to america's image in the world. i share some of the concern of main stream foreign policy establishment with america's power and resolve. they're thinking in this kind of board game manner where it's just like moving troops here and there. and we need is a conversation assuming we face great power challenges, let's look at every dimension of power, including power and the power of influence and example. and not simply think it's a matter of sending an increasingly whittled down military ace symbolic presence here or there. >> michael, as a final question, let's test those powers of
11:25 pm
creativity i mentioned in ambassador burt commented on. it's 2015 what does america look like domestically and what is its standing in the world? >> well, there's been a number of studies of what the would will look like in terms of gdp in 2015. they tend to agree that the four major economies will be the united states, india, china, at least in terms of gdp, and the european union. and if we're looking at the middle of the 21st century, it's only a few decades from now, the united states will still be in an enviable position. it will be the only big country that is rich and vice versa. unlike robert kagan and the many of the neoconservatives. i think we're in a fairly secure world. the united states does not really have to control the south china sea or the marshes of prussia in order to be a world power. the source of our world power is we're the only first-world country that is only the scale
11:26 pm
of india and china. they would be big and important but they're going to be poorer per capita and have less disposable power. on the fourth area of major wealth, the european union, i think, will be some mix of cooperation and local sovereignty. it will not act as an entity in world affairs. probably by that time you will have a somewhat more liberalized mellowed russian nation. russia is part of europe. it's always been part of europe. the idea that russia is not a european country. the next time i hear them say germany is europe's largest country, no, russia is europe's large effort country. and interestingly enough by 2015, absence of major change in british immigration policy britain will have more people than germany. these things can change as a result of policy. if you look at the large, rich europe, in which the two largest nation states are russia and
11:27 pm
britain, that's somewhat different, you know, from the german dominated eurozone. i think there's reason for cautious optimism. and the fact is this is the world that we sought to create and the world conflict of the 21st century. we wanted china to be free from colonial domination. we wanted india to be independent. we wanted a whole europe that wasn't divided by an iron curtain. having achieved it, we're now saying it's so dangerous that we can't demobilize, we can't pull back, you know, we can't abandon anything. so, you know, maybe what we should do is declare a victory in the world wars. >> well, thank you, michael. having known him for many years, i was able to assure my colleague, paul saunders here, that in some meetings, you know,
11:28 pm
you get these air gaps where the room sort of goes silent. i assured him that with michael, there's never a dull moment, and we have barely scratched the surface, which you invigorating. i'm grateful to michael both for his cover story and for speaking with us today. [ applause ] friday, here on c-span 3 a conference on the state of the european union, with discussions about the euro currency, europe's relationship with the united states, and the european response to the ukraine crisis, live coverage 8:45 a.m. eastern.
11:29 pm
russia and united states is a nation which believes in its mission. and even our missions are similar. we believe in freedom. we believe in distribution of core values, which suddenly disappeared in '90 and 2000s but it didn't go anywhere, you know, it was still there. and so the biggest nation for russia during all of those years was the victory day. that is our main national holiday and that's what unites the whole nation, the fight against fashi fascism. and how it was presented to the nation by president putin is that in ukraine, those are western sponsored as iffists who came to power and he illustrated
11:30 pm
that with flex of former ukrainian liberation army who were with us in world war ii, he used us to prove these are factious fighting against both russian and ukrainian nation. it's misinterpretation we are looking just to protect russians or russian speaking minority. no, for the majority of russians we are continuing world war ii and we are liberating, really liberating ukraine, from the factious threat. >> this weekend on c-span, a look into politics of putin's russia, saturday, 10:00 eastern on book tv, live two-day coverage of the chicago tribute printers row lit fest. c-span 3 american history tv,
11:31 pm
70th anniversary of the d-day invasion of normandy, 10:30 eastern. next, discussion of computer threats to businesses, government cybersecurity regulations and business opportunities in providing computer security services. part of bloomberg government's day-long summit tuesday on computer security. this portion is two hours. >> thank you, admiral. we're going to have another panel come up right now. i'd like to interduroduce my colleague. tim lavin. defining what cyberthreats exist out there, pardon me, where they are what can be done to protect all of us. and i will -- with that, turn it over to tim. >> thank you, trish. good morning, everyone. we have an excellent panel here this morning.
11:32 pm
we have wade baker, manage principal of research and intelligence from verizon. we have mike allen, founder and manager director of beacon global strategies. mike leiter, and bob butler from the center for new american security adjunct senior fellow with technology in the national security program. to start, i think it's safe to say that the past year has not been a great one for cybersecurity. we had target, ebay, neiman-marcus, snapchat, chinese hackers, iranian hackers. what accounts for what seems like a surge in malicious online activity of all kinds recently? wade, start with you. >> i would actually say it's a combination of things, some of which is a change in the threat environment. i think there's an increase in attacks that comes through
11:33 pm
increasing move online. we use a huge number of devices and we access more things from more places at all times, so that just increases the surface area over time and keeps doing that. i also think that the mechanisms by which we come to know those things are also increasing. they're not happening at a higher frequency but we're seeing a higher proportion of them because of accountability and all kinds of disclosure and other things like that. >> i don't think it's a particularly rise. i think it is more cognizance of what happens actually happening is early as 2011, the u.s. intelligence community's talking about the role of china and cyberespionage. i think 2013 was the year of the retailer attack. they're increase willing going after our payment systems i think gradually, businesses, members of congress, and those of us in washington, in the washington policy community, are becoming more and more aware of
11:34 pm
nation state pilferage of our trade secrets. and it's something that we need to continue to talk about until we make decisive progress on legislati legislation, standards and other things we need protect the country. >> when you look at most serious threats facing american businesses, where are they coming from, who's behind them? what's the motivation tend to be? is it financial, espionage, some sort of ideological attachment, some combination therefore? what have you guys seen? >> from standpoint as security practitioner at io, we have 600 or so clients, my sense is there's, if you're a product company, there is an issue of i.p. and folks see that as an opportunity to get to level parody quickly. inside of that space, a lot of maneuvering in supply chain
11:35 pm
tampering as well as breach reconnaissance. in the network services businesses, i see the risk as certainly theft of pii, personal identifiable information, as well as compliance failure. a compliance failure, that's a big problem, or reputational risk. i think it depends on the business value, proposition of the company. i think you trace it back through threat intelligence in terms of intent and capability. >> it's no different from the noncyberworld. it's everything, it's all of the above. if you're russian organized crime, you used to muscle guys to fet a certain business in an area, you don't have to muscle, you have a steal credit card numbers and quadruple, times a hundred, the gains you had before. if you're china, distinction that we call between espionage and economic gain is a distinction that they don't see at all. we call it espionage.
11:36 pm
they see it as making their industry's more competitive with the west. and it's stealing intellectual property, trade secrets, negotiating information. if you're iran, it's less economic and more a tool of national power, disrupt bank of america because it has america in the title, and use distributed denial service attacks to make their life more difficult. it is everything we see in the physical world, with all of the same motivations, just being able to do it using asymmetric tool to reach a vastly wider audience of adversarial clients. >> verizon has dug into that question pretty deeply. are there trends that you see that would be edifying for american companies to think about, whether in terms of method of attack or intent? are there trends that you think that they should be paying attention to? >> yeah. and these things, ebb and flow over time. we've been able to take a
11:37 pm
ten-year slice of data and dig into, what do we know about incidents that have happened over the last decade. if you think ten years ago, what was going on in the spring/summer of 2004, i think it was when you had the internet worms, you came out of the summer, previous year where you had blaster and then you had netski and bagel. the purpose of a lot of what we were dealing with and worried about keeping servers on the line and not being knocked off the internet. since then organized crime has come of age and the tools that they're creating are amazing. i mean some of them are very, very automated, and the population of attackers that can harm every one of us, just at a push i've button, has grown because of the tools. there's this community and come modization of tools at all different levels. i think it's changing the game. and the trends are spreading out of that over the last ten years.
11:38 pm
>> wade's exactly right. worms of 2004, it's almost quaint. if you haven't done so, go cut and paste two or three paragraphs in the doj indictment of the chinese and put that in your next memo to the ceo and members of the board to show the sophistication in which the chinese are doing social engineering, sending e-mails. i think you can't but be shocked at the degree to which people are thinking through this to make economic or national espionage games. >> i'd like to get back to china in a second. when. you guys look at the, i think you called year of the retail hack, are there sort of brood, big picture lessons that we can draw from some of those high profile attacks with target, snapchat, that apply to corporations more generally? what to do, what not to do, how to respond? >> so my sense, in looking at
11:39 pm
target or adobe or any of the big breaches, i think there's a tendency to get lulled into this compliance area, right? i mean they had just competed a great compliance cert but two, three months later we see malwear implants. peel, big issue with people. people leaving, coming and going out of a security operation center, getting people trained, overworked, folks paying attention to alerts, know what to do with alert. extended enterprise, supply chain. we saw then tri through foszzio, how do we deal with supply chain and extended enterprise over time. it's a series of factors. there are lessons learned. the challenge i fine is by the time we identify the risk and looking back retrospectively, adversaries have move on. and so the gap is widening as
11:40 pm
you work through closing the risks that you just identified from the last breach. >> a vice president at symantec got a lot after tension a couple of weeks ago for an interview in the "wall street journal" in which he said anti-virus is dead. i'm not going to focus on stopping intrusions because i -- it's going to keep happening, i'm going to focus on detection and recovery. is that a prudent approach, do you guys think? >> i think overtime what we have to be able to do is share information to increase what's in our filters writ large, not only across the private sector but what the government can share with the private sector and the private sector can share with each other. i do think there's a lot to that statement when you read the indictment and see that plain old spear fishing which we've been hearing about over the past
11:41 pm
few years the cause of what the breaches were in alcoa and other things in pennsylvania when you see the same techniques and tactics, it's a reasonable conclusion to draw they'll definitely get in. but a lot of capability on the bench that's not been put out on the field yet. we have to work towards that so we might be a -- a rising tide might be able to lift all boats so we can spread around information so we're in better shape. >> i'm going it take a risk and say that potentially that quote by the press is not 100% reflective of symantec's strategy. symantec is a sponsor here. listen, anti-virus, as a solution to your cyberthreat is dead. anti-virus, as you know one of the arrows in the quiver, and especially for kind of the less sophisticated user, average customer, you know, average mother in iowa who isn't a
11:42 pm
cyberexpert, she should still have anti-virus protection, that will be part of a lot of strategy. you're alcoa, if you're boeing you need anti-virus but you need 20 other things, 10 of which are technical, 5 of which have to do with business process and 5 of which have to do deal with your people. anti-viruss a smaller arrow than five, ten years ago. >> you've got to work across the spectrum of planning where you're involved with protection and prevention activities which drives you back to threat intelligence and detection. you want to be on the he left side the exploit, right? as opposed to being on the right side of the exploit or the boom. you have to ready. network is breached, we can identify what we can, but you've got shift risks and do risk mitigation as well.
11:43 pm
i agree, you absolutely should be invested in doing detection and better jobs and up front surveillance but you have to be prepared for the consequence management on the backside. >> one thing about target, target's a good target because of its name. but the lesson for me from target is, people have to understand how good a company target is for security. >> yep. >> target has been more involved with industrial security practice than almost any company in the country. target was still the victim of a huge breach. target is not a traditional company many thought would be targeted. it's not rsa, all of whom also have been breached you have a company that's really good, wouldn't be a traditional target, and they're getting hit successfully. that means there is no company, because of the subject matter or expertise which doesn't face this as a real business risk. >> in terms of -- target's great
11:44 pm
example -- in terms of the businesses getting hit by one of the attacks, target's share price dropped, seems like it's bounced back. s this the new normal, consumers say this happens to everybody, we get pissed off we have to change our password, et cetera, but they come back and accept the fact this is part of the landscape of commerce in 2014? >> so this is something that has interested me for quite some time, is what is the real impact? of course, when talking about national security, that's a different question than internet fraud. so, but specifically, and something like a target incident, studies have shown that they do tend to bounce back. i think that might be changing. i do an experiment actually with my family on -- when we get together on holidays. over the past several years i've asked whatever the largest
11:45 pm
breach was in my world, have you guys heard of this? and never before target have they ever said yes. but everybody at the table said yes. i thought that was really interesting. i don't know if there's something it's changing of the per session. without at outrage you're not going to have people leaving in droves, maybe multiple timed, maybe matters more with business to business type of relationships when you lose that trust than it does with consumers, all of those things are factors in this. >> i think you have to look at the value of the organization, what the business value or the security value or what you're trying to market, right? so, again, if you're a product company, you're one trick product, right, that's a problem? that's a real problem. you probably won't recover easily. but if you have established branding in a broad array of products and services, i agree, i think -- you have a good
11:46 pm
reputation, i think you're in better shape. i will tell you that, a lot has to deal with how you handle the situation. in terms of the speed of recovery, in terms of revenue and profit. you know, i think there's case study going back, when i was serbing in government we looked at this in terms of reputation and what it took in terms of public imaging going forward. what boards did what ceos did, what sea level did, across, and those that had a strategy, that reached out, actually probably in a better position than most. >> i think the shoe has probably dropped on target, look back and now assess the damage done. i think a lot of these cases the shoe hasn't yet dropped. so, as bob said, if you are a product company and the intellectual property and sensitive trade material has been stolen on the product but a competitor hasn't built that product, hasn't gone to market
11:47 pm
on that product, it not at all clear how it will affect you and youred by and business opportunity. when we saw in the manufacturing companies in western pennsylvania took some time in economically it's been quite bad. the second piece is, i think there's probably going to be because we're americans, we're so proud of our productiveness, we're going to end up with a lot of litigation about this. a key point on the five companies, none of them reported to the s.e.c. about the breaches. i -- i am saying this because i know they know this. if you're a plaintiff's bar lawyer, wait a minute, you knew about the breaches for how many years and didn't report to the s.e.c. it might have a material impact on the stock price? there's going to be a mini industry which sprouts up around the breaches that's going to -- the stock value front as well and that's going to drive an
11:48 pm
additional degree of economic impact for companies. >> speaking of problem for product companies one of the things you hear in the tech world how the internet of thing is coming to life, companies are building products more and more that connect to the internet, whether it's your toothbrush, thermost thermostat. there's going to be 50 billion devices connected to the internet by 2020. is it not rational to panic and assume that all of these things are going to be compromised in some way, or am i paranoid about this? >> the chinese need a lot of server capacity to steal that data. >> i spend a lot of time looking at marriage of physical and cyber and data center, with industrial control systems, i. t. i think we've got to do a lot more work here as i look at what we have left open and the fact
11:49 pm
that we can -- we still organizationally consider things separate, we have facility managers running, data infrastructure, i.t. managers running the i.t. stacks and a lot of times they're not talking. technologic technologically, we're not there. from the adversary's perspective, you see a foreign intelligence service running through those things right. >> three thoughts with regards it the technology trends and internet of things. as we become more interconnected, we're seeing new invoeiation, cloud computing and virtualization. there's a need to create the transparency, right, to make people comfortable where their data is but we have to up the game in security. i think in the world of i.t. consumerization and mobile devices, smartphones and tab gets, here we have another challenge because i think, as we
11:50 pm
move forward in time, adversaries are going to exploit in global interconnected and environment, in big kay way. we're just beginning to see it with the malwear. as we look at i.p. adregs all over the place we've got to get ahead of that think about it from innovation efficiency effectiveness perspective but baking in as best we can risk mitigation activities. we're st. louis doing it reactive. >> the internet of things question. i try not to get too worked up about the latest threat and the trends and prefer to stand back and study them. that is concerning to me, kind of going back to your question, just by the blend of lots of separate threads converging there. so, so in the security defense area, i can't say that we've
11:51 pm
been highly successful yet in defending just a network, you know, like i castle. we haven't fully mastered that yet. now talking about not just defending the castle but the country and the entire empire spread out everywhere, all over the place, it just a different game. and the devices can't run all of the a.v. and ips and things that we load on them that take 90% of the processing power on our computers. it's going to fundamentally change things and that's the part that concerned me about it. your toothbrush, maybe it already exists but it doesn't, somebody's go owe spend how much tie is spent on their tooth. >> it does exist. >> it produces natural point of tension. bring your own defense policies, moving to cloud infrastructure. >> right.
11:52 pm
>> doing more sass, all of these things produce great efficiency for business. allows people to be more mobile, work from home, have relationships with supply chains and ways you could never imagine without this technology. from that sense, if you're a business, you're trying to increase sales, coverage, productivity, you're pushing this really hard. you have the pain in the tail risks, cybertypes saying, not so fast. it's a natural point of tension. and when you goent know what the repercussions of loss will be for some period, you say, security people, you fix that, we'll go down this bring your own device policy, come back to us when you have a solution and we're not sheing down the business. that leads to hard choices. >> is there more than the
11:53 pm
government could be doing to help businesses protect themselves? mike, you worked on the house intelligence community. what do you think we need from congress to protect businesses? >> look, i'm not saying that congress through an information sharing bill will absolutely solve the problem completely. i agree with what mike said earlier, you have to use a holistic approach, figure out what to do with standards, people, policy, and procedures within different companies. but like i said earlier, the government is in possession of information that if shared with the private sector, could help them stave off certain cyberattacks. the government, as you heard from at rogers through foreign intelligence mission has come into possession of certain malwear in other information that is of use to the private sector, that alone, people like to say, well, that's not very much, or it's not a finite
11:54 pm
amount of information, it's going to continue to evolve, and that's absolutely true. what congress needs to be able to do is try and eliminate the barriers to information sharing. it has to most people have written about the antitrust problems, most of those have been debunked so far. but certainly we need to be able to give liability protection to companies. this is where we had a lot of the controversy in the house of representatives on the legislation which passed twice with bipartisan majorities, by the way. but that was before edward snowden. one of the casualties of snowden, in addition to the tremendous foreign intelligence laws and billions of dollars and maybe less confidence in the u.s. intelligence services, is that now it's sort of the dpoeft in the machine. we were beginning to appoint where the president was raising cyberespionage as a key issue in our bilateral relationship with
11:55 pm
china, finally moving forward on cyberlegislation but post-snowden, that has in a sense affected all of this for the worst and really stymied progress across the board on cybersecurity legislation. >> go ahead. >> i was going to build on the points, i, you know, based on my perspective in the government and industry, we worked on this information sharing program back in the pentagon. certainly saw some downside but a lot of benefit in terms of building trust and to me we have got to move faster in that space. just based on what we just talked about with the threat. >> that's right. >> i also think that that trust, what i see, especially in the private sector, as you build into your either supply chain or a customer base, you're doing joint solutioning, right? not one organization, one person can handle what you need to do with regards to threat mitigation.
11:56 pm
if you internally try to do it it's really hard. it's information sharing that enables a level of trust where you can do some joint solutioning, and the government needs to reach out and we -- the industry also needs to reach the other way. and we need to develop much more rapidly cross sector sharing. >> i think the government can be a help but there's a huge capacity deficit and a trust deficit. and if companies are looking to the government to solve this problem they might well shut down the job right now. the nsa, fbi, they can throw everyone they wanted and still couldn't do 1/100, 1/1000 of what companies need to do to protect themselves. second, trust michael said, i won't belabor it, snowden destroyed any progressive legislation in this run. be careful what you wish for. pushing the government to be stronger, they did what the
11:57 pm
indictments, if in the indictments are the first step of multistage international effort to really coalesce pressure against china, that's a good thing. but many of the companies i talked to post doj indictment said, whoa. i've got a lot of business in china, i'm trying to do business in china, what about my data? >> how worried should companies be about that? where does this dispute go? does it keep escalating? >> companies should be very nebbous because there's a lot of uncertainty. do i think the chinese are going to start indicting u.s. officials? that could happen, how much does it matter to a company? not that much. do i think chinese will make it more difficult for u.s. companies to do business in china? they already have. two days after the indictments, requirement for information technology, companies to operate in china in a way they couldn't before. other companies that view china
11:58 pm
as one of the most significant growth markets over the next decade, looking at this very nervously. i don't think that americans should necessarily worry about their employees getting locked up tomorrow in shanghai or beijing, but are there further obstacles? could this escalate? i think if they're not looking at possibilities, again, they're crazy. >> on that cheerful note, i want to leave a few minutes here for questions i'm think we have a couple of microphones here, if anybody has something they want to ask, raise your hand. >> so you talk a lot about what organizations, corporations should do to protect, defend, collaborate, to share. what's your perspective on the what the technology provider do, what's the customer provider relationship expectations about what's baked in for capables when i buy the solutions? why do we keep hearing about bug
11:59 pm
fixes for products that were rushed to market instead of engineered bettor start with? >> you want to take that one? >> i'll take it from a couple of different angles. one is in the customer technology provider relationship, i think there's a lot more attention on service level agreements, what's in it, what's out of it, and depends where you sit in termss of responsibility and accountability. i think the challenge is we typically want to avoid risk and so we try to write in insurances within the slas to make sure that we're not liable. we haven't gotten to a point, going back to early point on trust, how we collaborate. i do see that, as especially in consulting as well as with a company, we are getting more and more into this issue as we get into deeper discussions on audits.
12:00 am
which is helping us. >> relooking at slas, how to work together i see it also with as we're working through compliance regimes. captions copyright national cable satellite corp. 2008 captioning performed by vitac
12:01 am
12:02 am
12:03 am
12:04 am
12:05 am
12:06 am
12:07 am
12:08 am
12:09 am
12:10 am
12:11 am
12:12 am
12:13 am
12:14 am
12:15 am
12:16 am
12:17 am
12:18 am
12:19 am
12:20 am
12:21 am
12:22 am
12:23 am
12:24 am
12:25 am
12:26 am
12:27 am
12:28 am
12:29 am
12:30 am
12:31 am
12:32 am
12:33 am
12:34 am
12:35 am
12:36 am
12:37 am
12:38 am
12:39 am
12:40 am
12:41 am
12:42 am
12:43 am
12:44 am
12:45 am
12:46 am
12:47 am
12:48 am
12:49 am
12:50 am
12:51 am
12:52 am
12:53 am
12:54 am
12:55 am
12:56 am
12:57 am
12:58 am
12:59 am
1:00 am


info Stream Only

Uploaded by TV Archive on